All,

I was just noticing that doing SET ROLE changes the current session's
priviledges, but not any runtime configuration parameters (like work_mem
or statement_timeout) associated with the new role.

This is as documented (although I want to add a line to SET ROLE docs)
but is it the behavior we want? I for one would like SET ROLE to change
runtime configs.

--Josh

Search Discussions

  • Simon Riggs at Mar 11, 2009 at 9:40 pm

    On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:

    I was just noticing that doing SET ROLE changes the current session's
    priviledges, but not any runtime configuration parameters (like work_mem
    or statement_timeout) associated with the new role.

    This is as documented (although I want to add a line to SET ROLE docs)
    but is it the behavior we want? I for one would like SET ROLE to change
    runtime configs.
    Sounds good to me, but you may want to explore what problems that might
    cause so we can avoid screwing up. Perhaps it could be an option?

    --
    Simon Riggs www.2ndQuadrant.com
    PostgreSQL Training, Services and Support
  • Greg Stark at Mar 11, 2009 at 9:44 pm

    On Wed, Mar 11, 2009 at 9:45 PM, Simon Riggs wrote:
    On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:
    This is as documented (although I want to add a line to SET ROLE docs)
    but is it the behavior we want?  I for one would like SET ROLE to change
    runtime configs.
    Sounds good to me, but you may want to explore what problems that might
    cause so we can avoid screwing up. Perhaps it could be an option?
    Well for one thing pg_dump uses SET ROLE extensively and it sets
    parameters assuming they'll stay set

    --
    greg
  • Tom Lane at Mar 12, 2009 at 1:21 am

    Greg Stark writes:
    On Wed, Mar 11, 2009 at 9:45 PM, Simon Riggs wrote:
    On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:
    This is as documented (although I want to add a line to SET ROLE docs)
    but is it the behavior we want?  I for one would like SET ROLE to change
    runtime configs.
    Well for one thing pg_dump uses SET ROLE extensively and it sets
    parameters assuming they'll stay set
    I think this is going to make the already-tricky semantics of GUC
    variables completely impossible. Per-user settings normally establish
    the session's RESET values of the variables and can be overridden (for
    the session or just for a transaction) by explicit SET. If the latter
    remains true it'd fix Greg's concern about pg_dump, but it's just
    mind-bending to think about what RESET means if we try to put this in.
    Assume we've done ALTER ROLE SET foo = something for our login
    role and ALTER ROLE x SET foo = somethingelse:

    start psql

    -- foo = something, presumably

    SET foo = other;

    SET ROLE x;

    -- foo still = other, presumably

    RESET foo; -- now what is foo?

    (if your answer is "somethingelse", justify this in terms of the
    documented behavior of RESET: restore to the session-start value.)

    RESET ROLE; -- now what is foo?

    (ie, does this action in itself change foo, and if so why?)


    Also, with all the whining I've seen in the past few days about not
    making application-breaking incompatible changes, it would seem
    appropriate to have a GUC to control whether we have this behavior or
    the old one. Discuss the implications of changing such a GUC partway
    through this sequence. For extra credit, explain what would happen if
    it were set via ALTER ROLE SET for one role or the other.

    In short: -1 from me.

    regards, tom lane
  • Robert Haas at Mar 12, 2009 at 1:43 am

    On Wed, Mar 11, 2009 at 9:21 PM, Tom Lane wrote:
    Greg Stark <stark@enterprisedb.com> writes:
    On Wed, Mar 11, 2009 at 9:45 PM, Simon Riggs wrote:
    On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:
    This is as documented (although I want to add a line to SET ROLE docs)
    but is it the behavior we want?  I for one would like SET ROLE to change
    runtime configs.
    Well for one thing pg_dump uses SET ROLE extensively and it sets
    parameters assuming they'll stay set
    I think this is going to make the already-tricky semantics of GUC
    variables completely impossible.  Per-user settings normally establish
    the session's RESET values of the variables and can be overridden (for
    the session or just for a transaction) by explicit SET.  If the latter
    remains true it'd fix Greg's concern about pg_dump, but it's just
    mind-bending to think about what RESET means if we try to put this in.
    Assume we've done ALTER ROLE SET foo = something for our login
    role and ALTER ROLE x SET foo = somethingelse:

    start psql

    -- foo = something, presumably

    SET foo = other;

    SET ROLE x;

    -- foo still = other, presumably

    RESET foo;      -- now what is foo?

    (if your answer is "somethingelse", justify this in terms of the
    documented behavior of RESET: restore to the session-start value.)

    RESET ROLE;     -- now what is foo?

    (ie, does this action in itself change foo, and if so why?)


    Also, with all the whining I've seen in the past few days about not
    making application-breaking incompatible changes, it would seem
    appropriate to have a GUC to control whether we have this behavior or
    the old one.  Discuss the implications of changing such a GUC partway
    through this sequence.  For extra credit, explain what would happen if
    it were set via ALTER ROLE SET for one role or the other.

    In short: -1 from me.
    Maybe it would make more sense to have some option to SET ROLE or some
    separate command that resets all configuration parameters to the
    values that they would have had, if you had only logged in as that
    other user originally. I thought "RESET ALL" might do this, but it
    seems not.

    ...Robert
  • Josh Berkus at Mar 12, 2009 at 3:26 pm
    Tom,
    Discuss the implications of changing such a GUC partway
    through this sequence. For extra credit, explain what would happen if
    it were set via ALTER ROLE SET for one role or the other.

    In short: -1 from me.
    Heh. That's your best rejection yet. Someday I'll print out all the
    rejection e-mails from you and wallpaper my office. ;-)

    I guess what I'm really hoping to do is to hack ROLEs into a primitive
    resource management tool. Maybe this is the wrong approach, but we need
    *something* in this vein, and from an application development perspective
    combining permissions, connections and resource allocation via ROLES makes a
    lot of sense. The SET ROLE issue comes in pretty much for login management.

    --
    Josh Berkus
    PostgreSQL
    San Francisco
  • Simon Riggs at Mar 12, 2009 at 7:08 pm

    On Thu, 2009-03-12 at 08:26 -0700, Josh Berkus wrote:
    Tom,
    Discuss the implications of changing such a GUC partway
    through this sequence. For extra credit, explain what would happen if
    it were set via ALTER ROLE SET for one role or the other.

    In short: -1 from me.
    Heh. That's your best rejection yet. Someday I'll print out all the
    rejection e-mails from you and wallpaper my office. ;-)
    Josh, this isn't a rejection. Both Tom and I asked for more exploration
    of the implications of doing as you suggest. Tom has been more helpful
    than I was in providing some scenarios that would cause problems. It is
    up to you to solve the problems, which is often possible.

    I can't vouch for your taste in wallpaper, but this doesn't deserve a
    place in your collection...

    --
    Simon Riggs www.2ndQuadrant.com
    PostgreSQL Training, Services and Support
  • Josh Berkus at Mar 13, 2009 at 1:40 am

    Josh, this isn't a rejection. Both Tom and I asked for more exploration
    of the implications of doing as you suggest. Tom has been more helpful
    than I was in providing some scenarios that would cause problems. It is
    up to you to solve the problems, which is often possible.
    OK, well, barring the context issues, what do people think of the idea?

    What I was thinking was that this would be a setting on the SET ROLE
    statement, such as:

    SET ROLE special WITH SETTINGS

    ... or similar; I'd need to find an existing keyword which works.

    I think this bypasses a lot of the issues which Tom raises, but I'd want
    to think about the various permutations some more.

    --Josh
  • Robert Treat at Mar 13, 2009 at 4:29 am

    On Thursday 12 March 2009 21:39:54 Josh Berkus wrote:
    Josh, this isn't a rejection. Both Tom and I asked for more exploration
    of the implications of doing as you suggest. Tom has been more helpful
    than I was in providing some scenarios that would cause problems. It is
    up to you to solve the problems, which is often possible.
    OK, well, barring the context issues, what do people think of the idea?

    What I was thinking was that this would be a setting on the SET ROLE
    statement, such as:

    SET ROLE special WITH SETTINGS

    ... or similar; I'd need to find an existing keyword which works.

    I think this bypasses a lot of the issues which Tom raises, but I'd want
    to think about the various permutations some more.
    How bad of an idea would it be to split set session authorization to be
    privilege specific, and set role to focus on configiuration?

    --
    Robert Treat
    Conjecture: http://www.xzilla.net
    Consulting: http://www.omniti.com
  • Guillaume Smet at Mar 13, 2009 at 8:25 am

    On Fri, Mar 13, 2009 at 2:39 AM, Josh Berkus wrote:
    SET ROLE special WITH SETTINGS

    ... or similar; I'd need to find an existing keyword which works.
    Perhaps something like "SET ROLE special NEW SESSION;".

    It solves a problem mentioned by Tom as it's very clear that it's a
    new session so when you reset the settings to what they were at
    session start, you take the default settings of special.

    --
    Guillaume
  • Gregory Stark at Mar 13, 2009 at 10:52 am

    Guillaume Smet writes:
    On Fri, Mar 13, 2009 at 2:39 AM, Josh Berkus wrote:
    SET ROLE special WITH SETTINGS

    ... or similar; I'd need to find an existing keyword which works.
    Perhaps something like "SET ROLE special NEW SESSION;".

    It solves a problem mentioned by Tom as it's very clear that it's a
    new session so when you reset the settings to what they were at
    session start, you take the default settings of special.
    So this is just syntactic sugar for

    SET ROLE;
    RESET ALL;

    Or is it more or less?

    --
    Gregory Stark
    EnterpriseDB http://www.enterprisedb.com
    Ask me about EnterpriseDB's RemoteDBA services!
  • Josh Berkus at Mar 14, 2009 at 6:17 pm

    Gregory Stark wrote:
    Guillaume Smet <guillaume.smet@gmail.com> writes:
    On Fri, Mar 13, 2009 at 2:39 AM, Josh Berkus wrote:
    SET ROLE special WITH SETTINGS

    ... or similar; I'd need to find an existing keyword which works.
    Perhaps something like "SET ROLE special NEW SESSION;".

    It solves a problem mentioned by Tom as it's very clear that it's a
    new session so when you reset the settings to what they were at
    session start, you take the default settings of special.
    So this is just syntactic sugar for

    SET ROLE;
    RESET ALL;

    Or is it more or less?
    No, actually, since RESET ALL does not adopt the config settings of your
    current group role, but only the login role you logged in with, e.g.:

    postgres=# alter role manson set work_mem = '1MB';
    ALTER ROLE
    postgres=# \c - charles
    You are now connected to database "postgres" as user "charles".
    postgres=> show work_mem;
    work_mem
    ----------
    2MB
    (1 row)

    postgres=> set role manson;
    SET
    postgres=> reset all;
    RESET
    postgres=> show work_mem;
    work_mem
    ----------
    2MB


    I'd like to have that 2nd work_mem call to show "manson's" work_mem, or 1MB.

    What I want to be able to do is to set different bunches of resource
    management settings for various non-login inherited roles, and be able
    to choose profiles via a SET ROLE. The reason to do this, btw, instead
    of defining various login roles, is that different login roles can't
    share the same connection pool.

    --Josh
  • Tom Lane at Mar 14, 2009 at 8:04 pm

    Josh Berkus writes:
    What I want to be able to do is to set different bunches of resource
    management settings for various non-login inherited roles, and be able
    to choose profiles via a SET ROLE. The reason to do this, btw, instead
    of defining various login roles, is that different login roles can't
    share the same connection pool.
    The question is why this should be tied to SET ROLE, which already has
    well defined semantics that don't include any such behavior.

    regards, tom lane
  • Josh Berkus at Mar 15, 2009 at 9:47 pm

    Tom Lane wrote:
    Josh Berkus <josh@agliodbs.com> writes:
    What I want to be able to do is to set different bunches of resource
    management settings for various non-login inherited roles, and be able
    to choose profiles via a SET ROLE. The reason to do this, btw, instead
    of defining various login roles, is that different login roles can't
    share the same connection pool.
    The question is why this should be tied to SET ROLE, which already has
    well defined semantics that don't include any such behavior.
    Mostly because we don't have anywhere else to hang a "settings profile"
    than ROLEs. And currently, we can define settings with roles; the fact
    that those settings materially only apply to login roles and not to
    non-login roles could even be seen as inconsistent.

    --Josh
  • Tom Lane at Mar 15, 2009 at 10:09 pm

    Josh Berkus writes:
    Tom Lane wrote:
    The question is why this should be tied to SET ROLE, which already has
    well defined semantics that don't include any such behavior.
    Mostly because we don't have anywhere else to hang a "settings profile"
    than ROLEs.
    So we should fix that, if we want a feature like this.
    And currently, we can define settings with roles; the fact
    that those settings materially only apply to login roles and not to
    non-login roles could even be seen as inconsistent.
    [ shrug... ] The behavior of SET ROLE is defined by the standard. The
    behavior at login is not.

    regards, tom lane
  • Bruce Momjian at Mar 28, 2009 at 3:25 am

    Josh Berkus wrote:
    Josh, this isn't a rejection. Both Tom and I asked for more exploration
    of the implications of doing as you suggest. Tom has been more helpful
    than I was in providing some scenarios that would cause problems. It is
    up to you to solve the problems, which is often possible.
    OK, well, barring the context issues, what do people think of the idea?

    What I was thinking was that this would be a setting on the SET ROLE
    statement, such as:

    SET ROLE special WITH SETTINGS

    ... or similar; I'd need to find an existing keyword which works.

    I think this bypasses a lot of the issues which Tom raises, but I'd want
    to think about the various permutations some more.
    I have added the following TODO:

    Allow role-specific ALTER ROLE SET variable settings to be processed
    independently of login; SET ROLE does not process role-specific variable
    settings

    * http://archives.postgresql.org/message-id/49B82CD7.20802@agliodbs.com

    and the attached patch which better documents our current behavior.

    --
    Bruce Momjian <bruce@momjian.us> http://momjian.us
    EnterpriseDB http://enterprisedb.com

    + If your life is a hard drive, Christ can be your backup. +
  • Simon Riggs at Mar 28, 2009 at 7:51 am

    On Fri, 2009-03-27 at 23:25 -0400, Bruce Momjian wrote:
    Josh Berkus wrote:
    Josh, this isn't a rejection. Both Tom and I asked for more exploration
    of the implications of doing as you suggest. Tom has been more helpful
    than I was in providing some scenarios that would cause problems. It is
    up to you to solve the problems, which is often possible.
    OK, well, barring the context issues, what do people think of the idea?

    What I was thinking was that this would be a setting on the SET ROLE
    statement, such as:

    SET ROLE special WITH SETTINGS

    ... or similar; I'd need to find an existing keyword which works.

    I think this bypasses a lot of the issues which Tom raises, but I'd want
    to think about the various permutations some more.
    I have added the following TODO:

    Allow role-specific ALTER ROLE SET variable settings to be processed
    independently of login; SET ROLE does not process role-specific variable
    settings

    * http://archives.postgresql.org/message-id/49B82CD7.20802@agliodbs.com

    and the attached patch which better documents our current behavior.
    I don't think there is an agreed todo item there. We were in the middle
    of discussing other ideas and this is the wrong time to have a longer
    debate on the topic. We should not squash other ideas by putting this as
    a todo item yet.

    --
    Simon Riggs www.2ndQuadrant.com
    PostgreSQL Training, Services and Support
  • Bruce Momjian at Mar 28, 2009 at 2:21 pm

    Simon Riggs wrote:
    On Fri, 2009-03-27 at 23:25 -0400, Bruce Momjian wrote:
    Josh Berkus wrote:
    Josh, this isn't a rejection. Both Tom and I asked for more exploration
    of the implications of doing as you suggest. Tom has been more helpful
    than I was in providing some scenarios that would cause problems. It is
    up to you to solve the problems, which is often possible.
    OK, well, barring the context issues, what do people think of the idea?

    What I was thinking was that this would be a setting on the SET ROLE
    statement, such as:

    SET ROLE special WITH SETTINGS

    ... or similar; I'd need to find an existing keyword which works.

    I think this bypasses a lot of the issues which Tom raises, but I'd want
    to think about the various permutations some more.
    I have added the following TODO:

    Allow role-specific ALTER ROLE SET variable settings to be processed
    independently of login; SET ROLE does not process role-specific variable
    settings

    * http://archives.postgresql.org/message-id/49B82CD7.20802@agliodbs.com

    and the attached patch which better documents our current behavior.
    I don't think there is an agreed todo item there. We were in the middle
    of discussing other ideas and this is the wrong time to have a longer
    debate on the topic. We should not squash other ideas by putting this as
    a todo item yet.
    Since when does a TODO item squash ideas? I didn't chisel the TODO item
    in stone; if there is more discussion, someone can update the TODO
    item. Leaving stuff dangle around undocumented is the wrong approach.
    As it is the TODO items is vague.

    --
    Bruce Momjian <bruce@momjian.us> http://momjian.us
    EnterpriseDB http://enterprisedb.com

    + If your life is a hard drive, Christ can be your backup. +
  • Josh Berkus at Mar 28, 2009 at 7:10 pm
    Bruce, Simon,
    I don't think there is an agreed todo item there. We were in the middle
    of discussing other ideas and this is the wrong time to have a longer
    debate on the topic. We should not squash other ideas by putting this as
    a todo item yet.
    I agree. We don't have consensus on the TODO. We need to hash it out
    more after 8.4 goes beta.

    --Josh
  • Bruce Momjian at Mar 28, 2009 at 7:31 pm

    Josh Berkus wrote:
    Bruce, Simon,
    I don't think there is an agreed todo item there. We were in the middle
    of discussing other ideas and this is the wrong time to have a longer
    debate on the topic. We should not squash other ideas by putting this as
    a todo item yet.
    I agree. We don't have consensus on the TODO. We need to hash it out
    more after 8.4 goes beta.
    OK, I am confused, but item removed. :-|

    --
    Bruce Momjian <bruce@momjian.us> http://momjian.us
    EnterpriseDB http://enterprisedb.com

    + If your life is a hard drive, Christ can be your backup. +
  • Bernd Helmle at Mar 11, 2009 at 9:56 pm
    --On Mittwoch, März 11, 2009 21:45:00 +0000 Simon Riggs
    wrote:
    This is as documented (although I want to add a line to SET ROLE docs)
    but is it the behavior we want? I for one would like SET ROLE to change
    runtime configs.
    Sounds good to me, but you may want to explore what problems that might
    cause so we can avoid screwing up. Perhaps it could be an option?
    I had exactly the same intention yesterday. Maybe something along the line
    of su - is what we want, thus expanding such a functionality with an
    optional argument to SET ROLE.


    --
    Thanks

    Bernd
  • Simon Riggs at Mar 27, 2009 at 8:18 am

    On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:

    I was just noticing that doing SET ROLE changes the current session's
    priviledges, but not any runtime configuration parameters (like work_mem
    or statement_timeout) associated with the new role.

    This is as documented (although I want to add a line to SET ROLE docs)
    but is it the behavior we want? I for one would like SET ROLE to change
    runtime configs.
    Thinking some more about the requirements for this and various
    objections.

    I'm guessing that there's a small cluster of parameters you want to
    alter using this. It seems easier to think about those parameters and to
    look at ways of managing those. Perhaps what we need is not parameters
    on roles, but a related concept: profiles.

    Profiles define the limits and priorities given to certain categories of
    work. So one profile might be work_mem = 128M and constraint_exclusion =
    on, others could differ. If we invent a new concept, we get to define
    the semantics from scratch. Maybe RESET doesn't work with profiles,
    maybe you can't change user parameters set by a profile, maybe they
    allow you to define maximum values. Maybe. Maybe. Nice clear
    distinction: roles manage privileges, profiles manage
    resources/optimisation.

    The main reason for abstraction is that we can avoid hardcoding resource
    management data into applications, so that when we upgrade we don't need
    to retune or re-arrange everything.

    8.5 obviously. But if some time is given to a coherent design that
    focuses on what we actually want rather than on a specific solution, we
    may find there is a neat way to do this without breaking anything.

    --
    Simon Riggs www.2ndQuadrant.com
    PostgreSQL Training, Services and Support
  • Robert Haas at Mar 27, 2009 at 4:25 pm

    On Fri, Mar 27, 2009 at 4:04 AM, Simon Riggs wrote:
    On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:

    I was just noticing that doing SET ROLE changes the current session's
    priviledges, but not any runtime configuration parameters (like work_mem
    or statement_timeout) associated with the new role.

    This is as documented (although I want to add a line to SET ROLE docs)
    but is it the behavior we want?  I for one would like SET ROLE to change
    runtime configs.
    Thinking some more about the requirements for this and various
    objections.

    I'm guessing that there's a small cluster of parameters you want to
    alter using this. It seems easier to think about those parameters and to
    look at ways of managing those. Perhaps what we need is not parameters
    on roles, but a related concept: profiles.
    I think this is way over-engineered. All we really need here is a
    command along the lines of RESET ALL AS CURRENT USER that gives every
    GUC the value it would have had if you logged in under the current
    user's account. Simple, clean, no new keywords.

    ...Robert
  • Tom Lane at Mar 27, 2009 at 4:33 pm

    Robert Haas writes:
    I think this is way over-engineered. All we really need here is a
    command along the lines of RESET ALL AS CURRENT USER that gives every
    GUC the value it would have had if you logged in under the current
    user's account. Simple, clean, no new keywords.
    Doesn't do anything for autovacuum though...

    BTW, does pg_dumpall know to dump ALTER USER SET settings attached
    to built-in roles (such as the proposed "autovacuum" role)? I'd bet
    it doesn't do that. Even if it does, that seems like a more awkward
    way to push settings over to a new installation than copying your
    postgresql.conf file.

    Simon's idea of "profiles" sounds worth pursuing to me, but clearly
    it's not happening for 8.4.

    regards, tom lane
  • Josh Berkus at Mar 27, 2009 at 5:01 pm
    Tom,
    BTW, does pg_dumpall know to dump ALTER USER SET settings attached
    to built-in roles (such as the proposed "autovacuum" role)? I'd bet
    it doesn't do that. Even if it does, that seems like a more awkward
    way to push settings over to a new installation than copying your
    postgresql.conf file.

    Simon's idea of "profiles" sounds worth pursuing to me, but clearly
    it's not happening for 8.4.
    I don't see why having a *separate* concept of profiles in addition to
    the ROLES is helpful. It seems like building a whole new house when all
    we really need is to expand the garage.

    --Josh
  • Tom Lane at Mar 27, 2009 at 5:31 pm

    Josh Berkus writes:
    Simon's idea of "profiles" sounds worth pursuing to me, but clearly
    it's not happening for 8.4.
    I don't see why having a *separate* concept of profiles in addition to
    the ROLES is helpful. It seems like building a whole new house when all
    we really need is to expand the garage.
    Simon already pointed out one major reason: we can define the semantics
    of such things without creating any backwards-compatibility issues,
    whereas fooling with the behavior of roles by themselves is likely to
    create some issues.

    However, this is all 8.5 material in any case, and I'm going to stop
    paying attention now because I'm trying to get to 8.4 beta.

    regards, tom lane
  • Robert Haas at Mar 27, 2009 at 5:32 pm

    On Fri, Mar 27, 2009 at 12:33 PM, Tom Lane wrote:
    Robert Haas <robertmhaas@gmail.com> writes:
    I think this is way over-engineered.  All we really need here is a
    command along the lines of RESET ALL AS CURRENT USER that gives every
    GUC the value it would have had if you logged in under the current
    user's account.  Simple, clean, no new keywords.
    Doesn't do anything for autovacuum though...
    Nope, but I think that can be solved separately.

    ...Robert

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppgsql-hackers @
categoriespostgresql
postedMar 11, '09 at 9:28p
activeMar 28, '09 at 7:31p
posts27
users9
websitepostgresql.org...
irc#postgresql

People

Translate

site design / logo © 2021 Grokbase